1

Using pre-signed URL method to upload a file from the browser(javascript) to spaces account. It has been blocked 

Access to XMLHttpRequest at 'https://my/signed/url' from origin 'http://192.168.1.233:8000' has been blocked by CORS policy: Response to the preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

XMLHttpRequest

var blob = new Blob([e.target.files[0]], {type: e.target.files[0].type});
var xhr = new XMLHttpRequest();
xhr.open('PUT', data.upload_url);
xhr.send(blob);
console.log(xhr.status)

Updated CORS Configurations(Host, Max Age and Allowed methods) in Spaces settings, but still the CORS header issue raises. What I'm actually missing here. The same works in python requests,

Python requests:

with open(archive_file, 'rb') as data:
        response = requests.put(signed_uri, data=data)

Sending as file index from $.ajax() is even failing. Can anyone suggest me how can I upload from javascript without using nodejs or react

Krish V
  • 486
  • 1
  • 5
  • 19
  • Turn on CORS on your server configuration (the problem is not on js/browser side) – Kamil Kiełczewski Nov 15 '18 at 08:24
  • @KamilKiełczewski Oh no, file uploads to be sent to digital ocean spaces(like aws-s3). No server involved here – Krish V Nov 15 '18 at 08:29
  • befeore you send file to s3 first your browser need send that file to your serwer - and on that serwer you need to turn on CORS. If you upload file directly from browser to s3 then this is NOT SECURE (because you need to use s3 credentials in browser code - so you expose it to grab by some hacker and use your s3 account) – Kamil Kiełczewski Nov 15 '18 at 08:31
  • 1
    I'm using `pre_signd_uri concept` generated by `django-server` by which we can directly upload with the URI to the spaces in javascript, thereby keys won't be exposed, POSTMAN uploads by `PUT` request. Browser blocks. – Krish V Nov 15 '18 at 08:38

0 Answers0